Changelog:
This is an emergency release to fix a security vulnerability in Emacs.
Enriched Text mode has its support for decoding 'x-display' disabled.
This feature allows saving 'display' properties as part of text.
Emacs 'display' properties support evaluation of arbitrary Lisp forms
as part of instantiating the property, so decoding 'x-display' is
vulnerable to executing arbitrary malicious Lisp code included in the
text (e.g., sent as part of an email message).
This vulnerability was introduced in Emacs 19.29.
3.27.1 (2017-08-14)
! Change client identification string if connecting with SFTP due to OpenSSH disregarding the supported ciphers announced by the client, resulting in less secure algorithms being chosen by OpenSSH.
- MSW: Improve handling of NTFS reparse points
- MSW: If running the installer with /S, previous versions where not uninstalled prior to the new version being installed
- MSW: The installer can be run with /quiet for a semi-silent installation
- OS X, *nix: Potential fix for a rare crash if changing local directories while the local directory list is being updated and vice versa.
3.27.0.1 (2017-07-19)
- MSW: Add misssing file to .zip binary package
- MSW: Fix toolchain issues breaking the shell extension
3.27.0 (2017-07-19)
- SFTP components have been updated and are now based on PuTTY 0.70
3.27.0-rc1 (2017-07-11)
+ Support for the Storj decentralized cloud storage provider
- MSW: Fix display of file type of directories if the directory name contains a dot
- Fix assertion if entering an invalid protocol prefix into the host field on the quickconnect bar or in the site manager
- Improve error message if TLS certificate verification fails due to a missing stapled OCSP resonse
- Building and running FileZilla now depends on libfilezilla >= 0.10.0 (https://lib.filezilla-project.org/)
3.26.2 (2017-06-12)
- Fixed crash if using master passwords and decrypting very long passwords
3.26.1 (2017-06-02)
- Fixed crash if changing password settings and the Site Manager contains subdirectories
- *nix: Fixed saving of sites having more than one site-specific bookmark
3.26.0 (2017-06-01)
- When changing or removing the master password, update protected credentials of server items in the transfer queue
- Fix display of remember checkbox when showing the password entry dialog for sites that have no username set and are using the "Ask" logon type
- Some icons were missing in the Windows .zip binary archive
3.26.0-rc1 (2017-05-25)
+ Passwords can now be stored encrypted, protected with a master password
+ Building and running FileZilla now depends on libfilezilla >= 0.9.2 (https://lib.filezilla-project.org/).
+ Building and running FileZilla now depends on wxWidgets >= 3.0.3
Carry forward libtool patch from 3.0.2, with LDFLAGS changes
included.
This is a bug fix release with no significant new features compared
to the previous 3.0.x releases and compatible with them at both the
API and the ABI level (i.e. all applications linked against earlier
3.0.x DLLs or shared libraries will continue to work when using
3.0.3 libraries).
The full list of changes in this release is available at
https://raw.githubusercontent.com/wxWidgets/wxWidgets/v3.0.3/docs/changes.txt
(starting from the line 583, or search for "3.0.3" in this file),
here are some selected ones:
* In all ports:
- Support requestion modern (3.x+) OpenGL version in wxGLCanvas.
- Fix using wxHTTP and wxFTP from worker thread.
* In wxGTK:
- Support for Gstreamer 1.0 in wxMediaCtrl, in addition to obsolete 0.x.
- Several fatal bug fixes for GTK+ 3.
## 1.4.1 / 2017-06-21
* Don't ask .empty? until it's a String. (#38)
* rename Liquid 4 `has_key?` to `key?` to add compatibility for liquid 4 (#41)
* Test against Ruby 2.1 to 2.4 (#45)
3.5.2 (2017/8/18)
* Backport #6281 for v3.5.x: Fix Drop#key? so it can handle a nil argument (#6288)
* Backport #6280 for v3.5.x: Guard against type error in absolute_url (#6287)
* Backport #6266 for v3.5.x: Memoize the return value of Document#url (#6301)
* Backport #6273 for v3.5.x: delegate StaticFile#to_json to StaticFile#to_liquid (#6302)
* Backport #6226 for v3.5.x: Reader#read_directories: guard against an entry not being a directory (#6304)
* Backport #6247 for v3.5.x: kramdown: symbolize keys in-place (#6303)
3.5.1 (2017/7/18)
Minor Enhancements
* Use Warn for deprecation messages (#6192)
* site template: Use plugins key instead of gems (#6045)
Bug Fixes
* Backward compatiblize URLFilters module (#6163)
* Static files contain front matter default keys when to_liquid'd (#6162)
* Always normalize the result of the relative_url filter (#6185)
Documentation
* Update reference to trouble with OS X/macOS (#6139)
* added BibSonomy plugin (#6143)
* add plugins for multiple page pagination (#6055)
* Update minimum Ruby version in installation.md (#6164)
* [docs] Add information about finding a collection in site.collections (#6165)
* Add {%raw%} to Liquid example on site (#6179)
* Added improved Pug plugin - removed 404 Jade plugin (#6174)
* Linking the link (#6210)
* Small correction in documentation for includes (#6193)
* Fix docs site page margin (#6214)
Development Fixes
* Add jekyll doctor to GitHub Issue Template (#6169)
* Test with Ruby 2.4.1-1 on AppVeyor (#6176)
* set minimum requirement for jekyll-feed (#6184)
2.71.2 (2017/9/7)
* fix freebsd service check
* correct spelling mistake
2.71.1 (2017/8/31)
* Allow to test main package version on Alpine Linux
* get_version returns malformed value if the package name contains a hyphen
2.71.0 (2017/8/26)
* Allow to switch backends
2.70.2 (2017/8/26)
* Updated suse.rb to detect OS info on SUSE 11 machine
2.70.1 (2017/8/2)
* Fix freebsd commands
2.70.0 (2017/7/25)
* Add jexec backend to support FreeBSD jail.
* Facter/Ohai support for host_inventory
2.69.0 (2017/7/14)
* Support Debian 9
1.6.0 (2017/09/01)
* Rack::PostBodyContentTypeParser: if the middleware is told a POST body is
JSON, but it doesn't parse as JSON, then... it's not really JSON, and the
request is now rejected with a 400 response. Thanks to Yukihiko SAWANOBORI
(@sawanoboly) for the fix.
1.5.0 (2017/07/19)
After an extended hiatus, rack-contrib maintenance is back on track. This
is a tidy-up release, merging things that have sat around for far too long.
* git-version-bump has now been moved to being a development dependency,
thanks to Tobias Haagen Michaelsen.
* Rack::AcceptLocale can be restricted to a set of enforced locales, thanks to
Paco Guzman.
* Rack::NotFound's path argument is now optional, thanks to Ed Morley.
* Rack::BounceFavicon now has a description and tests, thanks to Steven
Wilkin.
* The automated Travis CI suite now tests all supported Ruby versions up to
2.4, which necessitated a few small changes.
### 0.9.1
o Added ssl_version options `TLSv1_1`, `TLSv1_2`, `TLSv1_3` for explicitly
forcing the SSL version
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
o Added a new `:http_version` option with `HTTPv1_1` and `HTTPv2_0` values to
explicitly set the HTTP version of HTTP/1.1 or HTTP/2.0
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html
o Updates the gem release procedure for more convenience, using the updated
Rubygems.org tasks
o Update a few minor dependencies and documentation to be Ruby
2.4.1-compatible, add 2.4.1. to Travis CI matrix
o Add `Session#download_byte_limit` for limiting the permitted download size.
This can be very useful in dealing with untrusted download sources, which
might attempt to send very large responses that would overwhelm the
receiving client.
o Add `Patron.libcurl_version_exact` which returns a triplet of major, minor
and patch libCURL version numbers. This can be used for more fine-grained
matching when using some more esoteric Curl features which might not
necessarily be available on libCURL Patron has been linked against.
**Mustermann 1.0.1** (2017-08-26)
#### Docs
* Updating readme to list Ruby 2.2 as minimum
* Fix rendering of HTML table
* Update summary and description in gemspec file.
#### Fixes
* avoid infinite loop by removing comments when receiving extended regexp
* avoid unintended conflict of namespace
* use Regexp#source instead of Regexp#inspect
0.13.1 (2017/8/18)
* Fixes an incompatibility with Addressable::URI being used as uri_parser
0.13.0 (2017/8/15)
* Dynamically reloads the proxy when performing a request on an absolute
domain (#701)
* Prefer #hostname over #host. (#714)
* Adapter support for Net::HTTP::Persistent v3.0.0 (#619)
* Fixes an edge-case issue with response headers parsing (missing HTTP header)
(#719)
0.12.2 (2017/07/21)
* Parse headers from aggregated proxy requests/responses (#681)
* Guard against invalid middleware configuration with warning (#685)
* Do not use :insecure option by default in Patron (#691)
* Fixes an issue with HTTPClient not raising a Faraday::ConnectionFailed
(#702)
* Fixes YAML serialization/deserialization for Faraday::Utils::Headers (#690)
* Fixes an issue with Options having a nil value (#694)
* Fixes an issue with Faraday.default_connection not using
Faraday.default_connection_options (#698)
* Fixes an issue with Options.merge! and Faraday instrumentation middleware
(#710)
